A cybercriminal breached and leaked sensitive data from the New Zealand Cruise Association, exploiting an outdated WordPress system. The leak contains personal, operational, and login information, risking targeted attacks and identity theft. #NZCA #WordPressSecurity
Keypoints
- A threat actor exploited vulnerabilities in the NZCA’s WordPress e-commerce system to access sensitive data.
- The breach involved the exfiltration of member information, including login credentials and personal details.
- The attacker posted evidence of the breach on an online forum, revealing data structure and content.
- Leaked data includes hashed passwords, session tokens, and administrative account details.
- The exposure of this data could lead to targeted cyberattacks, phishing, and identity theft for affected organizations and individuals.